
IDP Policies—Quick Configuration

This topic contains:

Configuring IDP Policies—Quick Configuration

You can use J-Web Quick Configuration to quickly configure an IDP policy.

Figure 173: Quick Configuration page for IDP Policies


To configure an IDP policy with Quick Configuration:

  1. Select Configuration > Quick Configuration > Security Policies > IDP Policies.

    Figure 173 shows the Quick Configuration page for IDP policies.

  2. Fill in the information as described in Table 130.
  3. Click one of the following buttons:

Table 130: IDP Policies Quick Configuration Page Summary

| Field | Function | Actions |
|---|---|---|
| Active IDP Policy | Specifies the name of the active IDP policy enabled on the device. | Displays the active IDP policy. |
| Security Package Update | Specifies to manually download or install the updated signature database from the specified URL. | Click Security Package Update to download or install the updated signature database. For more information, see Configuring a Security Package Update—Quick Configuration. |
| Configured IDP Policies List | Specifies the list of all the configured IDP policies on the device. | Displays the list of all the configured IDP Policies on the device. |
| Configured Rulebase(s) | Specifies to reorder the IPS and Exempt rulebases in the Configured IDP Policies List. | From the Name column, select the policy name. A new page with the configured rulebases appears. From the Move column, select the up or down arrow to reorder the configured rulebase(s) in the IPS Rulebase and Exempt Rulebase tables. |
| Set as active policy | Specifies if the configured IDP policy is set as the active policy in the Configured IDP Policies List. | Select the check box next to the IDP policy you want to set as an active policy. |
| Add | Specifies to add a new IDP policy. | Click Add to add a new IDP policy. For more information, see Adding a New IDP Policy—Quick Configuration. |
| Copy | Specifies to copy an existing IDP policy from the Configured IDP Policies List. | Open a new page, where you can select a policy, and click Copy. |
| Delete | Specifies to delete an existing IDP policy from the Configured IDP Policies List. | Select the check box corresponding to the policy you want to delete, and click Delete. |

Adding a New IDP Policy—Quick Configuration

You can use J-Web Quick Configuration to quickly configure and add a new IDP policy.

Figure 174: Quick Configuration Page for Adding a New IDP Policy


To configure a new IDP policy with Quick Configuration:

  1. Select Configuration > Quick Configuration > Security Policies > IDP Policies.
  2. From the IDP Policies page, click Add to add a new IDP policy.

    Figure 174 shows the Quick Configuration page for adding a new IDP policy.

  3. Fill in the information as described in Table 131.
  4. Click one of the following buttons:

Table 131: Adding a New IDP Policy Quick Configuration Page Summary

| Field | Function | Actions |
|---|---|---|
| Policy Name | | |
| Policy Name | Specifies the name of the IDP policy. | Type a policy name. |
| Set as active policy | Specifies if the configured IDP policy is set as the active policy. | Select the check box. |
| IPS Rulebase | Defines the IPS rulebase to protect the network from attacks by using attack objects to detect known and unknown attacks. | Click Add under IPS Rulebase to add a new IPS rulebase to the IDP policy. For more information, see Adding an IPS Rulebase—Quick Configuration. |
| Exempt Rulebase | Defines the exempt rulebase to exclude known false positives or to exclude a specific source, destination, or source/destination pair from matching an IPS rule. | Click Add under Exempt Rulebase to add an exempt rulebase to the IDP policy. For more information, see Adding an Exempt Rulebase—Quick Configuration. |

Adding an IPS Rulebase—Quick Configuration

You can use J-Web Quick Configuration to quickly configure and add an IPS rulebase.

Figure 175: Quick Configuration Page for Adding an IPS Rulebase


To configure an IPS rulebase with Quick Configuration:

  1. Select Configuration > Quick Configuration > Security Policies > IDP Policies.
  2. In the Policy Name text box, type a policy name.
  3. Under IPS Rulebase, click Add to add an IPS rulebase.

    Figure 175 shows the Quick Configuration page for IPS rulebase.

  4. Fill in the information as described in Table 132.
  5. Click one of the following buttons:

Table 132: Adding an IPS Rulebase Quick Configuration Page Summary

| Field | Function | Actions |
|---|---|---|
| Policy Name | Specifies the name of the IDP policy. | Displays the name of the IDP policy. |
| Rulebase | Specifies the IPS rule to create, modify, delete, and reorder the rules in a rulebase. | Displays the name of the rulebase. |
| Configure Rule Name and Description | | |
| Rule Name | Specifies the name of the IPS rulebase rule. | Type a rule name. |
| Description | Specifies the description for the rule. | Type the description for the rule. |
| Rule Match Criteria | | |
| From-Zone and Source Addresses/Address Sets | | |
| Match | Specifies the match criteria for the source zone for each rule. | Click the option button to enable the match criteria. |
| Source Address Book | Lists all the from-zone and source addresses/address sets for the policy. | Select the from-zone and source addresses/address sets from the list and do one of the following: to match the from-zone and source address/address sets to the rule, click the left arrow; to make the from-zone exceptions for each rule, click the right arrow. |
| Except | Specifies the zone exceptions for the from-zone and source address for each rule. | Click the option button to enable the exception criteria. |
| To-Zone and Destination Addresses/Address Sets | | |
| Match | Specifies the match criteria for the to-zone and source addresses for each rule. | Click the option button to enable the match criteria. |
| Destination Address Book | Lists all the to-zone and destination addresses/address sets for the policy. | Select the to-zone and destination addresses/address sets from the list and do one of the following: to match the to-zone and destination addresses/address sets to the rule, click the left arrow; to make the to-zone exceptions for each rule, click the right arrow. |
| Except | Specifies the except criteria for the to-zone and source address for each rule. | Click the option button to enable exception criteria. |
| Applications and Application Sets | | |
| Matched | Specifies the type of network traffic you want the device to monitor for attacks. | |
| Application/Application Sets | Lists one or multiple configured applications and application sets. | Select the applications and application sets to be matched and do one of the following: to match the rule to the applications/application sets, click the left arrow; to remove the rule match for the applications/application sets, select the rule match and click the right arrow. |
| Specify a rule action | | |
| Rule Action | Lists all the rule actions for IDP to take when the monitored traffic matches the attack objects specified in the rules. | Select a rule action from the list. |
| Attacks and Attack Action | | |
| Predefined Attacks | Specifies predefined attack objects that are used to match the traffic against known attacks. | Type a valid predefined attack name and do one of the following: to add a predefined attack, type it next to the Add button, and click Add; to remove a predefined attack, select it in the Predefined Attacks box, and click Delete. |
| Predefined Attack Groups | Specifies predefined attack groups that are used to match the traffic against known attack objects. | Enter a valid predefined attack group name and do one of the following: to add a predefined attack group, type it next to the Add button, and click Add; to remove a predefined attack group, select it in the Predefined Attack groups box, and click Delete. |
| Custom Attacks | Specifies the custom attack objects to detect new attacks that are unique to your network. | Select one or multiple custom attacks from the Custom Attacks List and do one of the following: to match a custom attack to the rule, click the left arrow; to remove the rule match for the custom attack to the rule, select the rule match and click the right arrow. |
| Attack Action | | |
| IP Action | Specifies the action IDP takes against future connections that use the same IP address. | Select an IP action from the list. |
| IP Target | Specifies the destination IP address. | Select an IP target from the list. |
| Timeout | Specifies the number of seconds IP action should remain effective before new sessions are initiated within that specified timeout value. | Type the timeout value, in seconds. Maximum acceptable value is 65535 seconds. |
| Log IP Action | Specifies if the log attacks are enabled to create a log record that appears in the log viewer. | Select the check box. |
| Rule Additional Actions | | |
| Severity | Specifies the rule severity levels in logging to support better organization and presentation of log records on the log server. | Select a severity level from the list. |
| Terminal | Specifies if the terminal rule flag is set or unset. | Select the check box. |
| Notifications - Attack Logging | | |
| Enable | Specifies if the configuring attack logging alert is enabled. | Select the check box. |
| Set Alert Flag | Specifies if an alert flag is set. | Select the check box. |

Adding an Exempt Rulebase—Quick Configuration

You can use J-Web Quick Configuration to quickly configure and add an exempt rulebase.

Figure 176: Quick Configuration Page for Adding an Exempt Rulebase


To configure an exempt rulebase with Quick Configuration:

  1. Select Configuration > Quick Configuration > Security Policies > IDP Policies.
  2. In the Policy Name text box, type a policy name.
  3. Under Exempt Rulebase, click Add to add an exempt rulebase.

    Figure 176 shows the Quick Configuration page for exempt rulebase.

  4. Fill in the information as described in Table 133.
  5. Click one of the following buttons:

Table 133: Adding an Exempt Rulebase Quick Configuration Page Summary

| Field | Function | Actions |
|---|---|---|
| Policy Name | Specifies the name of the IDP policy. | Displays the name of the IDP policy. |
| Rulebase | Specifies the IPS rule to create, modify, delete, and reorder the rules in a rulebase. | Displays the name of the rulebase. |
| Configure Rule Name and Description | | |
| Rule Name | Specifies the name of the IPS rulebase rule. | Type a rule name. |
| Description | Specifies the description for the rule. | Type the description for the rule. |
| Rule Match Criteria | | |
| From-Zone and Source Addresses/Address Sets | | |
| Match | Specifies the match criteria for the source zone for each rule. | Click the option button to enable the match criteria. |
| Source Address Book | Lists all the from-zone and source addresses/address sets for the policy. | Select the from-zone and source addresses/address sets from the list and do one of the following: to match the from-zone and source address/address sets to the rule, click the left arrow; to remove the rule match for the from-zone exceptions for each rule, click the right arrow. |
| Except | Specifies the zone exceptions for the from-zone and source address for each rule. | Click the option button to enable the exception criteria. |
| To-Zone and Destination Addresses/Address Sets | | |
| Match | Specifies the match criteria for the to-zone and source addresses for each rule. | Click the option button to enable the match criteria. |
| Destination Address Book | Lists all the to-zone and destination addresses/address sets for the policy. | Select the to-zone and destination addresses/address sets from the list and do one of the following: to match the to-zone and destination addresses/address sets to the rule, click the left arrow; to remove the rule match for the to-zone exceptions for each rule, click the right arrow. |
| Except | Specifies the except criteria for the to-zone and source address for each rule. | Click the option button to enable exception criteria. |
| Attacks | | |
| Predefined Attacks | Specifies predefined attack objects that are used to match the traffic against known attacks. | Type a valid predefined attack name and do one of the following: to add a predefined attack, type it next to the Add button, and click Add; to remove a predefined attack, select it in the Predefined Attacks box, and click Delete. |
| Predefined Attack Groups | Specifies predefined attack groups that are used to match the traffic against known attack objects. | Enter a valid predefined attack group name and do one of the following: to add a predefined attack group, type it next to the Add button, and click Add; to remove a predefined attack group, select it in the Predefined Attack groups box, and click Delete. |
| Custom Attacks | Specifies the custom attack objects to detect new attacks that are unique to your network. | Select one or multiple custom attacks from the Custom Attacks List and do one of the following: to match a custom attack to the rule, click the left arrow; to remove the rule match for the custom attack to the rule, select the rule match and click the right arrow. |
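An offline review of the fields configured in Tables 132 and 133, as an added example that is not Juniper code: it flags a Timeout above the stated maximum, an IP action without Log IP Action, attack logging left off, and exempt rules that cancel an IPS rule's attacks for its whole scope. The dict layout, the helper names `covers` and `audit`, the sample values, the timeout lower bound of 0 and the choice of what to flag are assumptions; Except selectors and attack group membership are not modelled.

```python
# Added example, not Juniper code. Dict keys mirror field names from
# Tables 132 and 133; the dict layout and every sample value are constructed.
MAX_TIMEOUT = 65535  # maximum Timeout the page accepts, in seconds

def covers(exempt_values, ips_values):
    """True if the exempt selector includes everything the IPS selector names."""
    return "any" in exempt_values or set(ips_values) <= set(exempt_values)

def audit(ips_rules, exempt_rules):
    """Return (rule name, finding) pairs for settings worth a second look."""
    findings = []
    for r in ips_rules:
        timeout = r.get("timeout")
        # Lower bound of 0 is an assumption; the page states only the maximum.
        if timeout is not None and not 0 <= timeout <= MAX_TIMEOUT:
            findings.append((r["name"], "timeout outside 0..65535 seconds"))
        if r.get("ip_action") and not r.get("log_ip_action"):
            findings.append((r["name"], "IP action set but Log IP Action is off"))
        if not r.get("attack_logging"):
            findings.append((r["name"], "attack logging not enabled"))
    for e in exempt_rules:
        if "any" in e["source"] and "any" in e["destination"]:
            findings.append((e["name"], "exempts every source and destination"))
        for r in ips_rules:
            hidden = sorted(set(e["attacks"]) & set(r["attacks"]))
            same_zones = (e["from_zone"], e["to_zone"]) == (r["from_zone"], r["to_zone"])
            if (hidden and same_zones and covers(e["source"], r["source"])
                    and covers(e["destination"], r["destination"])):
                findings.append((e["name"], f"fully suppresses {hidden} in {r['name']}"))
    return findings

IPS_RULES = [  # constructed sample
    {"name": "ips-web", "from_zone": "untrust", "source": ["any"],
     "to_zone": "dmz", "destination": ["web-servers"],
     "attacks": ["EXAMPLE-ATTACK-A", "EXAMPLE-ATTACK-B"],
     "ip_action": "block", "timeout": 600, "log_ip_action": False,
     "attack_logging": True},
]
EXEMPT_RULES = [  # constructed sample
    {"name": "ex-scanner", "from_zone": "untrust", "source": ["scanner-host"],
     "to_zone": "dmz", "destination": ["web-servers"],
     "attacks": ["EXAMPLE-ATTACK-A"]},
    {"name": "ex-broad", "from_zone": "untrust", "source": ["any"],
     "to_zone": "dmz", "destination": ["any"], "attacks": ["EXAMPLE-ATTACK-B"]},
]

if __name__ == "__main__":
    for name, finding in audit(IPS_RULES, EXEMPT_RULES):
        print(f"{name}: {finding}")
```

The narrow exemption `ex-scanner` produces no finding, while `ex-broad` is reported twice because it removes one attack from the IPS rule for all traffic.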
